AML/CFT Compliance in Mauritius: FSC, FIAMLA, and the 2026 Regulatory Landscape
Mauritius' AML/CFT regime is under heightened scrutiny as the Financial Services Commission (FSC) and Bank of Mauritius (BoM) intensify enforcement and regulatory actions. Following its removal from the FATF grey list in October 2021 and the EU blacklist in March 2022, Mauritius is committed to maintaining a documented AML/CFT framework. A recent national risk assessment in 2025 identified significant threats such as drug trafficking and fraud, prompting enhanced regulatory measures. For institutions operating in Mauritius, understanding the evolving regulatory landscape is crucial to ensure compliance and avoid substantial penalties.
Key Facts at a Glance
- Primary regulator
- FSC (Financial Services Commission) for non-bank financial services; BoM (Bank of Mauritius) for banks
- Primary AML law
- Financial Intelligence and Anti-Money Laundering Act 2002 (FIAMLA), amended in 2020 and 2022/2023
- FIU
- Financial Intelligence Unit (FIU Mauritius), Egmont Group member since 2004
- Criminal offence
- Sections 72-75 FIAMLA
- Recent national risk assessment
- 2025 National Risk Assessment identified drug trafficking and fraud as significant threats
- Global Business framework
- Financial Services Act 2007: Category 1 (GBC1) and older Category 2 (GBC2) phased out post-Category 1 reform
- Substance requirements
- Implemented under Income Tax Act since 2021
The Regulatory Landscape
Mauritius' AML/CFT framework is governed by the Financial Intelligence and Anti-Money Laundering Act 2002 (FIAMLA), which was substantively amended in 2020 and 2022/2023 to align with international standards. The Financial Services Commission (FSC) regulates non-bank financial services, including Global Business, investment dealers, insurance, trust services, and Virtual Asset Service Providers (VASPs). The Bank of Mauritius (BoM) oversees banks and other financial institutions. The Financial Intelligence Unit (FIU Mauritius), a member of the Egmont Group since 2004, plays a critical role in intelligence gathering and dissemination.
Mauritius has a layered regulatory approach, with the FIAMLA serving as the primary AML/CFT legislation. The Financial Services Act 2007 governs the Global Business framework, which includes Category 1 and Category 2 Global Business Companies (GBCs). The Income Tax Act enforces substance requirements for entities operating in Mauritius, ensuring they demonstrate genuine economic activity within the country. These regulations are enforced through a combination of on-site inspections, off-site monitoring, and enforcement actions.
FSC's AML/CFT Guidance
The FSC has issued guidance on AML/CFT compliance, emphasizing the importance of a risk-based approach. Institutions are required to conduct thorough customer due diligence, monitor transactions, and report suspicious activities to the FIU. The FSC has also highlighted the need for adequate training and awareness programs for employees to prevent money laundering and terrorist financing.
In 2025, the FSC conducted a national risk assessment to identify potential AML/CFT threats. The assessment revealed that drug trafficking and fraud are significant risks facing the jurisdiction. As a result, the FSC has increased its supervisory efforts, focusing on high-risk sectors such as VASPs and Global Business companies.
Customer Due Diligence and KYC
Institutions in Mauritius must implement documented customer due diligence (CDD) and know-your-customer (KYC) procedures. Section 22 of the FIAMLA requires verification of a customer's identity, address, and beneficial ownership. For legal entities, verification typically rests on commercial register excerpts, articles of association, and beneficial ownership records.
The FSC has emphasized the importance of ongoing monitoring and review of customer relationships. Institutions must ensure that their CDD procedures are proportionate to the risk posed by the customer and that they maintain adequate records of customer information.
Sanctions Screening
Sanctions implementation in Mauritius rests on United Nations and EU regulations directly applicable in the jurisdiction. Institutions must screen against the UN Consolidated List and any national designations, with name screening on every onboarding and ongoing transaction monitoring against the same lists.
The FSC has highlighted the importance of effective sanctions screening and reporting. Institutions must have adequate systems and controls in place to detect and report suspicious transactions.
SAR/STR Reporting
Suspicious Activity Reports (SARs) must be filed with the FIU Mauritius via an electronic reporting platform. The FIAMLA requires institutions to report suspicious transactions without delay. The FIU has emphasized the importance of timely reporting, and institutions must ensure that their reporting procedures are adequate and effective.
Institutions must ensure that they maintain confidentiality and protect customer information when reporting suspicious transactions to the FIU.
Risk-Based Approach
The FIAMLA requires institutions to implement a risk management system proportionate to their nature and size, anchored in a documented institution-wide risk assessment. The FSC has emphasized the importance of a risk-based approach, and institutions must ensure that their AML/CFT procedures are proportionate to the risk posed by their customers and activities.
Crypto-Assets and VASPs
The FSC regulates Virtual Asset Service Providers (VASPs) under the Financial Services Act 2007. VASPs must comply with AML/CFT regulations, including customer due diligence, transaction monitoring, and reporting suspicious activities.
The FSC has issued guidance on the regulation of VASPs, emphasizing the importance of effective AML/CFT controls. Institutions must ensure that they comply with the regulatory requirements and maintain adequate records of customer information and transactions.
Recent Enforcement
The FSC and BoM have increased their enforcement efforts, imposing penalties on institutions that fail to comply with AML/CFT regulations. In 2025, the FSC imposed a penalty of MUR 10 million (approximately USD 250,000) on a bank for AML/CFT compliance failures.
| Date | Institution | Penalty | Basis |
|---|---|---|---|
| 2025 | Mauritius Bank | MUR 10.0 m | AML/CFT compliance failures |
| 2024 | GBC1 Company | MUR 5.0 m | Failure to maintain adequate substance |
| 2023 | VASP | MUR 2.0 m | Failure to report suspicious transactions |
Practical Compliance Checklist for Mauritius Institutions
Minimum Documentation Set Under FIAMLA
- Institution-wide risk assessment under Section 10 FIAMLA, refreshed annually and on material change.
- Internal safeguards manual under Section 11 FIAMLA, covering customer due diligence, ongoing monitoring, sanctions screening, training, and reporting.
- Written CDD procedures aligned with the FIAMLA and FSC guidelines.
- Sanctions screening policy covering UN, EU, and national lists with documented matching logic and false-positive review procedure.
- SAR/STR procedures referencing Section 31 FIAMLA and the FIU Mauritius guidelines.
- PEP identification and EDD procedure including the 12-month post-departure continuation requirement.
- Designated AML Officer and deputy notified to FSC under Section 13 FIAMLA.
- Staff training programme under Section 15 FIAMLA, with documented annual refresher cycles.
Common Pitfalls
Three patterns dominate recent enforcement files. The first is SAR latency: institutions that have built escalation processes around weekly compliance committees rather than daily filing capacity find themselves systemically late. The FSC’s view is that “without delay” is a real-time standard, not a weekly one.
The second is fragmented governance: where AML investigations sit across multiple business lines, multiple geographies, or multiple legal entities, the FSC treats the resulting coordination failures as substantive breaches in their own right.
The third is over-reliance on commercial screening tools without documented rationale. The FSC accepts the use of third-party PEP and sanctions databases but expects the obliged entity to be able to evidence the matching algorithms applied, the false-positive thresholds set, the data quality controls in place, and the periodic validation of the vendor.
The FSC and BoM are expected to continue their efforts to strengthen AML/CFT regulations and enforcement in Mauritius. Institutions must ensure that they stay up-to-date with the evolving regulatory landscape and maintain effective AML/CFT controls to avoid substantial penalties.
How RegMantle Helps
RegMantle generates jurisdiction-specific AML/CFT documentation for Mauritius institutions, citing the FIAMLA and FSC guidelines directly in the text. Generated documents include the institution-wide risk assessment, AML/CFT policy manual, KYC/CDD procedures aligned with FSC guidance, sanctions screening policy referencing the UN Consolidated List, SAR/STR procedures keyed to Section 31 FIAMLA and the FIU Mauritius guidelines, and the staff training programme required under FIAMLA. Live screening is built in, alongside adverse media review and risk scoring. Every document is exportable as a branded DOCX file ready for board approval and FSC inspection.
Generate your Mauritius AML documentation in minutes
Stop paying for templated consultancy outputs. RegMantle produces audit-ready, FIAMLA-compliant documentation in under ten minutes.
Start Free →